W32/Anel, Troj/AngelWin, WORM_ANEL.A, Worm/Anel, I-Worm/Angel
Email-Worm.Win32.Anel, I-Worm.Anel, Win32.HLLW.Rafie.40960, Backdoor:Win32/Rabiggs, Win32:Trojan-gen
Category: Computer Worm
Active & Spreading
30 Oct 2002
Written in Visual Basic, this mass-mailing worm uses the Microsoft Outlook address book to send a copy of itself to unsuspecting computer users. The W32/Anel program attaches the file Checkwin.exe and tries to convince the recipient to launch the seemingly harmless file, which initiates the infection.
An early sign that the W32/Anel worm has executed is the creation of the file ReadThisPage.html in the root directory of the main hard drive. It also creates its main executable file, Checkwin.exe, in the Windows directory in an attempt to hide it among legitimate EXE system files. The W32/Anel program then harvests contacts stored in the Windows Address Book and makes them potential targets of its infection. Previous infections have established that this malware uses "Hehehehtetetete" as the subject line. The message body contains something like "Hello Buddy , Check the Attachment And Have Fun With that, Yoohooo." in an attempt to look friendly and assure the recipient that the email message was sent legitimately.
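The mail indicators described above (subject line, attachment name, body text) can be checked at a mail gateway or during mailbox triage. The following is an added example, not part of the original entry or any vendor's tooling; the verdict names, the blocking policy and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the description above; matched case-insensitively.
SUBJECT = "hehehehtetetete"
ATTACHMENT = "checkwin.exe"
BODY_PHRASE = "check the attachment and have fun with that"

def anel_indicators(raw: bytes) -> set:
    """Return which of the three indicators one raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = set()
    if SUBJECT in str(msg.get("Subject", "")).lower():
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        if name == ATTACHMENT:
            hits.add("attachment")
        elif not name and part.get_content_maintype() == "text":
            try:
                text = part.get_content()
            except (LookupError, UnicodeError):
                continue  # undecodable charset: skip the body check
            # Collapse whitespace so line wrapping cannot hide the phrase.
            if BODY_PHRASE in " ".join(text.lower().split()):
                hits.add("body")
    return hits

def verdict(raw: bytes) -> str:
    """Hypothetical policy: named attachment plus one more hit is blocked."""
    hits = anel_indicators(raw)
    if "attachment" in hits and len(hits) >= 2:
        return "block"
    return "review" if hits else "pass"

def sample(subject: str, body: str, attachment: str = "") -> bytes:
    """Build a constructed test message; the attachment bytes are a placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    print(verdict(sample("Hehehehtetetete", "Hello Buddy , Check the Attachment "
                         "And Have Fun With that, Yoohooo.", "Checkwin.exe")))
```

Because the entry says the body reads "something like" the quoted text, the body check matches only the central phrase rather than the full sentence.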
In the majority of infections associated with the W32/Anel worm, the computer user remains unaware that his email account has been hijacked unless one of the recipients alerts him to the incident. These types of malware normally do not damage any installed files but rather lower system security and stability, allowing for more potentially dangerous attacks on the already infected machine. Because of the possibility of the W32/Anel program extracting more deeply embedded files in the system, manual removal may be time-consuming and impractical. A good alternative is a dependable antivirus application, provided it uses an updated definition file and detection engine.